feat: util getRequestIP

[harlan-zw]

🔗 Linked issue

#272

❓ Type of change

• 📖 Documentation (updates to the documentation, readme, or JSdoc annotations)
• 🐞 Bug fix (a non-breaking change that fixes an issue)
• 👌 Enhancement (improving an existing functionality like performance)
• ✨ New feature (a non-breaking change that adds functionality)
• 🧹 Chore (updates to the build process or auxiliary tools and libraries)
• ⚠️ Breaking change (fix or feature that would cause existing functionality to change)

📚 Description

We should make it convenient for users to get the client request ip while being able to opt-in to trust the x-forwarded-for header.

Currently, users are implementing themselves:

• https://github.com/Baroshem/nuxt-security/blob/main/src/runtime/server/middleware/rateLimiter.ts#L7C14-L7C30
• https://github.com/timb-103/nuxt-rate-limit/blob/master/src/runtime/server/utils/rate-limit.ts#L81

I'm also open to naming this getClientIp or getRequestClientIp.

This utility does open the door for trusting spoofable headers (see nuxt-security), sorting that is out of the scope of this utility, I'll open this as a seperate issue.

📝 Checklist

• I have linked an issue or discussion.
• I have updated the documentation accordingly.

[codecov]

Codecov Report

Merging #503 (b688b22) into main (f3d0bc9) will decrease coverage by 0.02%.
Report is 2 commits behind head on main.
The diff coverage is 80.64%.

@@            Coverage Diff             @@
##             main     #503      +/-   ##
==========================================
- Coverage   82.41%   82.40%   -0.02%     
==========================================
  Files          31       31              
  Lines        3549     3580      +31     
  Branches      528      531       +3     
==========================================
+ Hits         2925     2950      +25     
- Misses        624      630       +6     

Files Changed	Coverage Δ
src/utils/request.ts	92.77% <79.31%> (-2.59%)	⬇️
src/types.ts	100.00% <100.00%> (ø)

[pi0]

Thanks for PR! I love it it is a must have util!

/cc @danielroe @atinux @antfu about naming ideas. I like the current getRequestI^P btw :)

[atinux]

Nice!

I like getRequestIP()

[danielroe]

Agreed on getRequestIP 👍

And nice work.

[harlan-zw]

With the introduction of this utility, it's important to consider this issue #504

As you can see, it's common for module authors to be trusting easily spoofed headers atm.